If you’ve ever experienced the integration throwing the ERROR about invalid cookies or an invalid session, or with the built-in integration where it seems to just stop updating (until you restart, at which time you more than likely get the invalid cookies error), then this might interest you…
There still seems to be a bit of a mystery why this happens to some but not to others, which is not totally surprising because, like many HA integrations, it’s using an undocumented & unsupported API. But given some recent data, I might have an idea why, or at least when, it happens.
The basic approach of this integration is to re-use a “session” from a browser that has logged into Google by dumping its cookies. The HA integration then uses those cookies, effectively pretending to be the original browser session.
It seems for many (including myself), it doesn’t really matter which Google account or accounts is/are used with the HA integration, how it was, or they were, created, and exactly how the cookies (in one or more files) were obtained. It just seems to work (for at least a year or two before those cookies eventually expire, or with the recent changes to save updated cookies, maybe forever.)
For others, either the cookies never work, or more likely, they work for a while (maybe 20 minutes, maybe a few hours, maybe a few days), but eventually they just stop working.
The problem seems to start, at least for some, when the original browser session used to obtain the cookies continues to interact with Google, either relatively immediately, or maybe at a later time/date. The Google server will send updated cookies to both “copies” of the session, and those sessions will resend them back to the Google server with each requested update.
This doesn’t seem to be a problem for many but is for some.
I think the underlying problem is that the Google server sees two different responses (one from the browser, and the other from HA) to what it sees as, or should be, a unique login session. Maybe it sees this as some sort of “man in the middle” attack, and maybe it has different rules in different parts of the world. Whatever the reason, it seems to respond by “invalidating” the session, at least for the HA integration.
With this in mind, I wrote the procedures for obtaining the cookies purposely to use a “private” browser window. Private browser windows (I think) typically don’t save cookies after the window is closed. Therefore, the browser shouldn’t continue to attempt to use that same login session (which will now be used by HA), even if the browser is reopened afterwards.
To expand on those procedures, if you’re experiencing this problem, my recommendation is to make sure ALL sessions for the account or accounts used with HA are closed / signed-out, and all associated browsers are closed, BEFORE following the procedure for grabbing the cookies file in a private window. This probably means the only practical “account strategy” (for people experiencing this problem) is the one I called “Alt acct only”. Also, it may or may not be important to never relog into that account in a browser or other device (except if the cookies ever expire, I guess.)
Before continuing, you should probably delete the current Google Maps integration entries in HA.
To make sure all sessions are closed / signed-out, do the following:
- Go to Google Account in a private browser window.
- Log into the account used by HA.
- Go to Security → “Manage all device” (under “Your devices”). All currently signed in sessions (including the one you just started) should be listed. Click on, and sign-out of, all of those sessions. You won’t, of course, be able to sign-out of the current session (probably listed at the top) this way.
- Now sign-out of the current session (via the icon in the top-right part of the window), and close this private browser window.)
Now go ahead and grab a new cookies file and add the Google Maps integration entry to HA.
I’d appreciate any thoughts on this theory, and if anyone who has been experiencing the problem tries the above, please let me know how it works for you, good or bad. I could, of course, be totally wrong here, but